Nginx Proxy Manager with duckdns at Home Assistant Let's Encrypt Cert issue

My domain is: homeassistant013.duckdns.org

My web server is (include version): HA 2021.5.5

The operating system my web server runs on is (include version):Linux core-ssh 5.4.109 #1 SMP thu Apr 1 15:55:10 UTC 2021 x86_64 Linux

I can login to a root shell on my machine (yes or no, or I don't know): yes

3748×1206 123 KB

Hello, I have Unifi System .any help about this will be appreciate !!! thank you.

Home Assistant at Hyper-V VM, MariaDb with Nginx PM. Duckdns Service

Port Forwarding from 80 to 192.168.1.240:80, 443 to 192.168.1.240:443

• NPM MESSAGES

INTERNAL ERROR

Error: Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-40" --agree-tos --email "j********7@gmail.com" --preferred-challenges "dns,http" --domains "homeassistant***.duckdns.org" 
Saving debug log to /data/logs/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Performing the following challenges:
http-01 challenge for homeassistant***.duckdns.org
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain homeassistant***.duckdns.org
http-01 challenge for homeassistant***.duckdns.org
Cleaning up challenges
Some challenges have failed.

    at ChildProcess.exithandler (child_process.js:308:12)
    at ChildProcess.emit (events.js:315:20)
    at maybeClose (internal/child_process.js:1048:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:288:5)

• HA NPM Reg

[5/28/2021] [6:13:35 PM] [Nginx    ] › ℹ  info      Reloading Nginx
[5/28/2021] [6:13:35 PM] [SSL      ] › ℹ  info      Requesting Let'sEncrypt certificates for Cert #40: homeassistant***.duckdns.org
[5/28/2021] [6:13:41 PM] [Nginx    ] › ℹ  info      Reloading Nginx
[5/28/2021] [6:13:41 PM] [Express  ] › ⚠  warning   Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-40" --agree-tos --email "j********7@gmail.com" --preferred-challenges "dns,http" --domains "homeassistant***.duckdns.org" 
Saving debug log to /data/logs/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Performing the following challenges:
http-01 challenge for homeassistant***.duckdns.org
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain homeassistant***.duckdns.org
http-01 challenge for homeassistant***.duckdns.org
Cleaning up challenges
Some challenges have failed.
[28/May/2021:18:15:37 -0700] 200 - GET http 192.168.1.240 "/" [Client 192.168.1.64] [Length 625] [Gzip 1.88] "HomeNet/1.0" "-"

There is a LOT of people in same situation at HOME ASSISTANT Community forum, here you have a example of just 1 Topic HERE

Any idea ??

Thank you.

Have you tried to see if you are able to view your HomeAssistant instance outside of your network?
Because Let's Encrypt requires port 80 (at least) for HTTP-01 challenge, and a simple port test turns out that the port on the hostname you provided is "filtered".
If port 80 is filtered, there's no way you would pass that HTTP-01 challenge, hence might be the reason your certificate request failed.

Thank you

Sorry about my delay...........I am back to the proyect and still in same issue, like title say, I want to use Nginx Proxy Manager (NPM) with duckdns at HA. I have normal port forwarding and I was able to see my Home Assistant Server (for test becouse NPM work little different) ......so I dont really know where the issue is.........here the last log at NPM:

[6/21/2021] [7:06:15 PM] [Nginx    ] › ℹ  info      Reloading Nginx
[6/21/2021] [7:06:15 PM] [SSL      ] › ℹ  info      Requesting Let'sEncrypt certificates for Cert #57: homeassistant***.duckdns.org
[6/21/2021] [7:06:17 PM] [Nginx    ] › ℹ  info      Reloading Nginx
[6/21/2021] [7:06:17 PM] [Express  ] › ⚠  warning   Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-57" --agree-tos --email "j********7@gmail.com" --preferred-challenges "dns,http" --domains "homeassistant***.duckdns.org" 
Saving debug log to /data/logs/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
Please see the logfiles in /data/logs/letsencrypt for more details.

I just try like 4-6 time

thank you @stevenzhu for you assistance.

You've hit the Let's Encrypt rate limit because too many authorization attempts failed recently. You get a maximum of 5 per hour. Rate Limits - Let's Encrypt

The main problem will be that when the challenge response is written to disk, the webserver responding on port 80 must reply with these challenge responses (from disk). so http://homeassistant***.duckdns.org/.well-known/acme-challenge/<a response file> has to work, or http validation will just never work.

How is nginx involved here, is it a reverse proxy back to home assistant? Hassio has a Let's Encrypt plugin you can use.

Hi, @webprofusion , yes NPM is a reverse proxy, and it do everything with Let's Encript SSL Cert too Link to Addon , I am going to double check setting and try to resolve it, if I need any extra help, I will let you know again.....thank you !!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.